Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4041679
HistoryOct 16, 2017 - 7:00 a.m.

October 10, 2017—KB4041679 (Security-only update)

2017-10-1607:00:00
Microsoft
support.microsoft.com
13

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.799 High

EPSS

Percentile

98.3%

JSON

October 10, 2017—KB4041679 (Security-only update)

Improvements and fixes

This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Security updates to Microsoft Windows Search Component, Windows kernel-mode drivers, Microsoft Graphics Component, Internet Explorer, Windows kernel, Windows Wireless Networking, Windows Storage and Filesystems, Microsoft Windows DNS, Microsoft JET Database Engine, and the Windows SMB Server.
    For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
Installing this update may cause applications based on the Microsoft JET Database Engine (Microsoft Access 2007 and older or non-Microsoft applications) to fail when creating or opening Microsoft Excel .xls files. The error message is, “Unexpected error from external database driver (1). (Microsoft JET Database Engine)". Download and install the Microsoft Access Database Engine 2010 Redistributable, and then modify the DB connection strings in Microsoft Excel to use ACE as a provider. Example: Change Provider=Microsoft.Jet.OLEDB.4.0 to Provider=Microsoft.ACE.OLEDB.12.0.Microsoft is working on a resolution and will provide an update in an upcoming release.

How to get this update

This update is now available for installation through WSUS. To get the standalone package for this update, go to the Microsoft Update Catalog website.File informationFor a list of the files that are provided in this update, download the file information for update 4041679.

Related

mskb 22
openvas 20
nessus 13
kaspersky 4
prion 23
cve 23
qualysblog 1
huawei 2
trendmicroblog 1
talosblog 1
mscve 22
checkpoint_advisories 14
seebug 4
zdt 2
myhack58 2
symantec 21
zdi 6
threatpost 3
osv 1
veracode 1
redhatcve 1
msrc 1
alpinelinux 1
debiancve 1
ubuntu 1
ubuntucve 1
cloudfoundry 1
intel 1
suse 4
hp 1
mskb
mskb
October 10, 2017—KB4041678 (Security-only update)
2017-10-16 07:00:00
October 10, 2017—KB4041690 (Monthly Rollup)
2017-10-16 07:00:00
October 10, 2017—KB4041687 (Security-only update)
2017-10-16 07:00:00
openvas
openvas
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4041690)
2017-10-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4041693)
2017-10-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4041681)
2017-10-11 00:00:00
nessus
nessus
Windows Server 2012 October 2017 Security Updates (KRACK)
2017-10-10 00:00:00
Windows 8.1 and Windows Server 2012 R2 October 2017 Security Updates (KRACK)
2017-10-10 00:00:00
Windows 2008 October 2017 Multiple Security Updates (KRACK)
2017-10-12 00:00:00
kaspersky
kaspersky
KLA11108 Multiple vulnerabilities in Microsoft Products (ESU)
2017-10-10 00:00:00
KLA11111 Multiple vulnerabilities in Microsoft Windows
2017-10-10 00:00:00
KLA11852 Security UI vulnerability in Microsoft Products (ESU)
2017-10-16 00:00:00
prion
prion
Information disclosure
2017-10-13 13:29:00
Information disclosure
2017-10-13 13:29:00
Information disclosure
2017-10-13 13:29:00
cve
cve
CVE-2017-11785
2017-10-13 13:29:00
CVE-2017-11814
2017-10-13 13:29:00
CVE-2017-11765
2017-10-13 13:29:00
qualysblog
qualysblog
October Patch Tuesday: 28 Critical Microsoft Vulnerabilities
2017-10-10 18:23:41
huawei
huawei
Security Advisory - Two Remote Code Execution Vulnerabilities in Microsoft Windows
2017-12-20 00:00:00
Security Advisory - Remote Code Execution Vulnerability in Windows DNSAPI
2017-12-20 00:00:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 9, 2017
2017-10-13 14:03:59
talosblog
talosblog
Microsoft Patch Tuesday - October 2017
2017-10-10 13:25:00
mscve
mscve
Windows GDI Information Disclosure Vulnerability
2017-10-10 07:00:00
Windows Kernel Information Disclosure Vulnerability
2017-10-10 07:00:00
Windows Graphics Component Elevation of Privilege Vulnerability
2017-10-10 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Graphics Component Information Disclosure (CVE-2017-11816)
2017-11-09 00:00:00
Microsoft Windows DNSAPI NSEC3 Heap-based Buffer Overflow (CVE-2017-11779)
2017-10-18 00:00:00
Microsoft Windows Kernel NtQueryObject Information Disclosure (CVE-2017-11785)
2017-10-18 00:00:00
seebug
seebug
Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-11817)
2017-10-17 00:00:00
Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-11785)
2017-10-17 00:00:00
Windows KEPT remote code execution vulnerability analysis(CVE-2017-11779)
2017-10-16 00:00:00
zdt
zdt
Microsoft Windows Kernel Pool nt!NtQueryObject (ObjectNameInformation) Memory Disclosure Vulnerabi
2017-10-18 00:00:00
Microsoft Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure Vulnerability
2017-10-18 00:00:00
myhack58
myhack58
Important vulnerabilities early warning: the Windows DNS client in the broke multiple heap buffer overflow flaws vulnerabilities in bug-bug warning-the black bar safety net
2017-10-12 00:00:00
Microsoft windows October release of the 62 flaws vulnerability bug patch, and repair of the National researchers submitted the 0-day flaw vulnerability bug-vulnerability warning-the black bar safety net
2017-10-12 00:00:00
symantec
symantec
Microsoft Windows Graphics Component CVE-2017-11824 Local Privilege Escalation Vulnerability
2017-10-10 00:00:00
Microsoft Windows Storage CVE-2017-11818 Security Bypass Vulnerability
2017-10-10 00:00:00
Microsoft Windows Search CVE-2017-11772 Information Disclosure Vulnerability
2017-10-10 00:00:00
zdi
zdi
Microsoft Windows XLS File Heap-based Buffer Overflow Remote Code Execution Vulnerability
2017-10-10 00:00:00
Microsoft Windows SMB Out-Of-Bounds Read Denial of Service Vulnerability
2017-10-10 00:00:00
Microsoft Windows DNSAPI NSEC3_RecordRead Heap-based Buffer Overflow Remote Code Execution Vulnerability
2017-10-10 00:00:00
threatpost
threatpost
Microsoft Patches Critical Windows DNS Client Vulnerabilities
2017-10-10 14:00:55
Microsoft Patches Office Bug Actively Being Exploited
2017-10-10 16:44:08
Apple Patches KRACK Vulnerability in iOS 11.1
2017-10-31 15:12:18
osv
osv
CVE-2017-13080
2017-10-17 13:29:00
veracode
veracode
Key Reinstallation Attack (KRACK)
2019-05-16 01:48:06
redhatcve
redhatcve
CVE-2017-13080
2019-10-09 16:30:50
msrc
msrc
2017 年 10 月のセキュリティ更新プログラム (月例)
2017-10-10 07:00:00
alpinelinux
alpinelinux
CVE-2017-13080
2017-10-17 13:29:00
debiancve
debiancve
CVE-2017-13080
2017-10-17 13:29:00
ubuntu
ubuntu
Linux firmware vulnerabilities
2017-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2017-13080
2017-10-16 00:00:00
cloudfoundry
cloudfoundry
USN-3505-1: Linux firmware vulnerabilities | Cloud Foundry
2017-12-14 00:00:00
intel
intel
Frame replay vulnerability in Wi-Fi subsystem in Intel® Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle
2017-12-07 00:00:00
suse
suse
Security update for kernel-firmware (important)
2017-11-27 22:19:04
Security update for kernel-firmware (important)
2017-11-30 03:12:49
Security update for the Linux Kernel (Live Patch 1 for SLE 12 SP3) (important)
2017-11-24 15:07:37
hp
hp
HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security
2018-04-03 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.799 High

EPSS

Percentile

98.3%

JSON
Related for KB4041679
mskb22openvas20nessus13kaspersky4prion23cve23qualysblog1huawei2trendmicroblog1talosblog1mscve22checkpoint_advisories14seebug4zdt2myhack582symantec21zdi6threatpost3osv1veracode1redhatcve1msrc1alpinelinux1debiancve1ubuntu1ubuntucve1cloudfoundry1intel1suse4hp1